Cisco Systems IPS 7.1 Home Security System User Manual


Glossary
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
ASA 5500 AIP SSM
Advanced Inspection and Prevention Security Services Module. The IPS plug-in module in the Cisco
ASA 5500 series adaptive security appliance. The ASA 5500 AIP SSM is an IPS services module that
monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based
on an extensive, embedded signature library. When the ASA 5500 AIP SSM detects unauthorized
activity, it can terminate the specific connection, permanently block the attacking host, log the incident,
and send an alert to the device manager. See also adaptive security appliance.
ASA 5500-X IPS SSP
Intrusion Prevention System Security Services Processor. The IPS runs as a service, and the ASA
controls sending and receiving traffic to and from the IPS. The IPS services processor monitors and
performs real-time analysis of network traffic by looking for anomalies and misuse based on an
extensive, embedded signature library. When the ASA 5500-X IPS SSP detects unauthorized activity,
it can terminate the specific connection, permanently block the attacking host, log the incident, and
send an alert to the device manager. See also adaptive security appliance.
ASA 5585-X IPS SSP
Intrusion Prevention System Security Services Processor. The IPS plug-in module in the Cisco ASA
5585-X adaptive security appliance. The ASA 5585-X IPS SSP is an IPS services processor that
monitors and performs real-time analysis of network traffic by looking for anomalies and misuse based
on an extensive, embedded signature library. When the ASA 5585-X IPS SSP detects unauthorized
activity, it can terminate the specific connection, permanently block the attacking host, log the incident,
and send an alert to the device manager. See also adaptive security appliance.
Alarm Channel
The IPS software module that processes all signature events generated by the inspectors. Its primary
function is to generate alerts for each event it receives.
alert
Specifically, an IPS event type; it is written to the Event Store as an evidsAlert. In general, an alert is
an IPS message that indicates a network exploit in progress or a potential security problem.
Also known as an alarm.
Analysis Engine
The IPS software module that handles sensor configuration. It maps the interfaces and also the
signature and alarm channel policy to the configured interfaces. It performs packet analysis and alert
detection. The Analysis Engine functionality is provided by the SensorApp process.
anomaly detection
AD. The sensor component that creates a baseline of normal network traffic and then uses this baseline
to detect worm-infected hosts.
API
Application Programming Interface. The means by which an application program talks to
communications software. Standardized APIs allow application programs to be developed
independently of the underlying method of communication. Computer application programs run a set
of standard software interrupts, calls, and data formats to initiate contact with other devices (for
example, network services, mainframe communications programs, or other program-to-program
communications). Typically, APIs make it easier for software developers to create links that an
application needs to communicate with the operating system or with the network.
application
Any program (process) designed to run in the Cisco IPS environment.
application image
Full IPS image stored on a permanent storage device used for operating the sensor.
application instance
A specific application running on a specific piece of hardware in the IPS environment. An application
instance is addressable by its name and the IP address of its host computer.
application partition
The bootable disk or compact-flash partition that contains the IPS software image.
ARC
Attack Response Controller. Formerly known as Network Access Controller (NAC). A component of
the IPS. A software module that provides block and unblock functionality where applicable.